The 2nd European Workshop on Usable Security
UPMC Campus Jussieu - Paris, France
April 29, 2017

The European Workshop on Usable Security (EuroUSEC) is the European sister of the established USEC workshop, and thus as a premier forum for research in the area of human factors in security and privacy. EuroUSEC has been accepted as a workshop at the 2nd IEEE European Symposium on Security and Privacy (EuroS&P 2017) and it will be held in Paris, France at UPMC Campus Jussieu on April 29, 2017. The European Workshop on Usable Security solicits previously unpublished work offering novel research contributions in any aspect of human factors in security and privacy for end-users and IT professional such as software developers and administrators of IT systems. The aim of this workshop is to bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security and privacy as well as researchers and practitioners from other domains such as psychology, social science and economics.

Keynote Speaker:

Angela Sasse
Professor of Human-Centred Security and Director of the UK Research Institute in Science of Cyber Security


Would you like some Anti-Virus Protection with that? Adventures in Point-of-Sale Security

Arguably, the purchase of a new computer or laptop is a point when people are most prepared to consider what they should do to keep it secure. In this talk, I will present initial insights from a study of how security features in sales conversations and buying decisions. We interviewed customers and sales staff about awareness of threats, how they can be managed, and how customers react to unsolicited security advice and being offered add-on security software. We found that sales staff are an important source of security advice, especially for older buyers, whereas younger ones are (over)confident in their skills as digital natives and more inclined to dismiss advice. The conversations also yielded a number of suprising security urban myths about threats and protection.

Tentative Schedule

Registration, Coffee & Refreshments

08:00 - 09:00

Session #1: IT professionals

09:00 - 10:30

I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security
C. Weir, A. Rashid (Lancaster University, UK); J. Noble (Victoria University of Wellington, NZ)
Finding Security Champions in Blends of Security Culture
I. Becker, S. Parkin, M. Sasse (University College London)
I Do and I Understand. Not Yet True for Security APIs. So Sad
Luigi Lo Iacono, Peter Leo Gorski (Cologne University of Applied Sciences)
Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols
Ksenia Ermoshina (CNRS); Harry Halpin (INRIA); Francesca Musiani (CNRS)

Coffee Break

10:30 - 11:00

Session #2: Work in Progress

11:00 - 12:00

Security Narrative: Can (Language) Insecurities be Beneficial for Security Departments?
Karoline Busse (University of Bonn); Jennifer Seifert (University of Hannover); Matthew Smith (University of Bonn)
An Inquiry into Perception and Usage of Smartphone Permissions Models
Sophie Russ, Lena Reinfelder (University of Erlangen-Nuremberg); Andrea Schankin (Karlsruhe Institute of Technology); Zinaida Benenson (University of Erlangen-Nuremberg)
Riddle me this! Context Sensitive CAPTCHAs
Tobias Urban, René Riedel, Norbert Pohlmann (Institute for Internet-Security, Westphalian University of Applied Sciences, Gelsenkirchen); Ulrike Schmuntzsch Matthias Rötting (Human-Machine-Systems, Berlin Institute of Technology, Berlin)
Providing smartphone data visualizations to support Privacy Literacy
Timo Jakobi (Bonn-Rhein-Sieg University of Applied Science, Sankt Augustin); Edna Kropp (Akquinet AG, Berlin); Gunnar Stevens (Bonn-Rhein-Sieg University of Applied Science, Sankt Augustin); Mats Schmal (University of Siegen, Siegen)

Lunch Break

12:00 - 14:00


14:00 - 14:50

Would you like some Anti-Virus Protection with that? Adventures in Point-of-Sale Security
Angela Sasse
Professor of Human-Centred Security and Director of the UK Research Institute in Science of Cyber Security

Session #3: What is secure?

14:50 - 15:30

What is a Secure Email?
Joscha Lausch, Oliver Wiese, Volker Roth (Freie Universität Berlin)
Effects of information security risk visualization on managerial decision making
Esra Yildiz (Universität Münster); Rainer Böhme (Universität Innsbruck)


15:30 - 16:00

Session #4A: Protecting end users

16:00 - 17:00

The Security Blanket of the Chat World: An Analytic Evaluation and a User Study of Telegram
Ruba Abu-Salma (University College London (UCL), UK); Kat Krol (University of Cambridge, UK); Simon Parkin, Victoria Koh, Kevin Kwan, Jazib Mahboob, Zahra Traboulsi, M. Angela Sasse (University College London (UCL), UK)
Personalized Security Messaging: Nudges for Compliance with Browser Warnings
Nathan Malkin (University of California, Berkeley); Arunesh Mathur (Princeton University); Marian Harbach (International Computer Science Institute); Serge Egelman (University of California, Berkeley; International Computer Science Institute); Eyal Peer (Bar-Ilan University)
Information Leakage through Mobile Motion Sensors: User Awareness and Concerns
Kirsten Crager, Anindya Maiti, Murtuza Jadliwala, Jibo He (Wichita State University)

Session #4B: People and Passwords

17:00 - 18:00

Pass-Roll and Pass-Scroll : New Graphical User Interfaces for Improving Text Passwords
Harshal Tupsamudre (TCS Research, India); Akhil Dixit (UC Santa Cruz); Vijayanand Banahatti, Sachin Lodha (TCS Research, India)
Pico in the Wild: Replacing Passwords, One Site at a Time
Seb Aebischer, Claudio Dettoni, Graeme Jenkinson, Kat Krol, David Llewellyn-Jones (University of Cambridge, UK); Toshiyuki Masui (Keio University, Japan); Frank Stajano (University of Cambridge, UK)
Password Logbooks and What Their Amazon Reviews Reveal About Their Users’ Motivations, Beliefs, and Behaviors
Ross Koppel (University of Pennsylvania); Jim Blythe (ISI, University of Southern California); Vijay Kothari, Sean Smith (Dartmouth College)

Call for Papers

We invite authors to submit original work describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. We explicitely welcome work on evaluating existing or experimental research methods. Topics include, but are not limited to:
  • innovative security or privacy functionality and design
  • new applications of existing models or technology
  • field studies of security or privacy technology
  • usability evaluations of new or existing security or privacy features
  • security testing of new or existing usability features
  • longitudinal studies of deployed security or privacy features
  • studies of administrators or developers and support for security and privacy
  • psychological, sociological and economic aspects of security and privacy
  • the impact of organizational policy or procurement decisions
  • methodology for usable security and privacy research
  • lessons learned from the deployment and use of usable privacy and security features
  • reports of replicating previously published studies and experiments
  • reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience
  • this topic list is not exhaustive

Important Dates (tentative)

Paper submission deadlineTuesday, March 21, 2017 (extended) (Anywhere on Earth)
NotificationFriday, March 31, 2017
Camera readyTuesday, April 18, 2017
WorkshopSaturday, April 29, 2017

Submission Instructions

All submissions must be original work; authors must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Contact the program committee chair if there are questions about this policy. Papers should be written in English. Papers must be up to 10 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplementary appendices containing study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise fit within the body of the paper. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of your paper, on which your work is to be evaluated. Reviewers are not required to read any appendices, so your paper should be self-contained without them. Accepted papers will be published online with their supplementary appendices included. Submissions must be no more than 20 pages total including bibliography and appendices. Papers must be formatted for US letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.5 in. tall and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates. LaTeX submissions should use IEEEtran.cls in Compsoc Conference Mode. The template is available here. Failure to adhere to the page limit and formatting requirements risks rejection on that basis. Submissions do not have to be anonymised for review. Please clearly refer to your own related work.

Submission Site

Please submit your submission to our HotCRP.


The proceedings will be published by the Internet Society after the workshop. For the workshop, a pre-print will be made available on the workshop webpage.

Steering Committee

  • Andrew A. Adams, Meiji University
  • Jim Blythe, University of Southern California
  • Jean Camp, Indiana University
  • Angela Sasse, University College London
  • Matthew Smith, University of Bonn, Fraunhofer FKIE

Program Committee Chairs

Program Committee

  • Yasemin Acar, CISPA, Saarland University
  • Adam Aviv, U.S. Naval Academy
  • Adam Bates, University of Illinois at Urbana-Champaign
  • Lujo Bauer, CMU
  • Rainer Böhme, Innsbruck University
  • Joseph Bonneau, Stanford
  • Markus Dürmuth, Ruhr University Bochum
  • Sascha Fahl, CISPA, Saarland University
  • Simson Garfinkel, U.S. Census Bureau
  • Seda Gürses, KU Leuven
  • Martin Johns, SAP Research
  • Janne Lindqvist, Rutgers University
  • Nick Nikiforakis, Stony Brook University
  • Brad Reaves, University of Florida
  • Elissa Redmiles, University of Maryland
  • Volker Roth, Freie Universität Berlin
  • Scott Ruoti, MIT Lincoln Lab
  • Angela Sasse, University College London
  • Matthew Smith, University of Bonn, Fraunhofer FKIE
  • Elizabeth Stobert, ETH Zürich
  • Pawel Szalachowski, ETH Zurich
  • Blase Ur, University of Chicago
  • Rick Wash, Michigan State University
  • Charles Weir, Lancaster University
  • Mary Ellen Zurko, Cisco Systems

Web Chair

  • Christian Stransky, CISPA, Saarland University

Venue and Registration

The workshop is colocated with the 2nd IEEE European Symposium on Security and Privacy (EuroS&P 2017), please refer to the conference website for further information and registration.

Go to the registration